Clients often want to know the progress during testing, and sometimes IT/SOC staff want to know if a recent change in a configuration or activity is related to our testing (vs. a possible unauthorized attacker). Because of this, during testing, we relay information in the following ways:
- Secure communications and file transfer avenues to ensure your information remains protected
- Access to a live “blog” of sorts, which contains the following:
- security engineers’ real-time, unedited, unfiltered notes about where they currently are in the testing process
- what has already been tested/attacked
- exploits used
- any changes/modifications to your network as part of the testing.
- See example here: https://penconsultants.com/home/live-notes-and-timeline/
- Immediate notification if an imminent risk or compromise is identified
- 24-7 support – name, phone number, and email address of all security engineers performing tests
